Official discussion thread for Phoenix. Please do not post any spoilers or big hints.
Anyone find any foothold?
I found a vuln but it’s slow and I am not sure if it will merit any fruits.
Was able to laterally move but sadly didn’t get any more privileges. Will keep hammering
Let me preface with a warning that I’m new and still learning but here are my thoughts/experiences:
Comment fields seem to be sanitized. Looks like you may need to have author privs.
My only thought is to throw rockyou at ph*ix and jsth but didn’t have luck after a couple hours.
Please share your opinions on my methodology and what you guys are thinking
Oh that’s why the servers are so slow lol. I don’t think you have to brute force any logins. Enumeration of the running application should get you the foothold.
I didn’t get any further than that though.
Yeah, no brute forcing needed. But this is horribly slow, even when you know what info you’re after. I had to give up because things were taking too long trying to get some specific info. I wonder if I’m missing a better technique.
Got admin credential, but blocked by 2fa.
Same here, I even got the OTP but it doesn’t work
Same point…
Got 3 creds / 2 require 2FA / 1 is not that interesting
Can’t yet bypass 2FA though… I think I know how to do it … but if anybody has any idea how to speed up the enumeration process…
… it’s so slow …
Same. I’ve verified that the HTTP time skew is within tolerance.
After spending hours to find t…p, I did find it (in a weird place btw). But I systematically get ‘invalid code’ when I try to use it…
My box is in sync with the target
This is starting to bore me a great deal now… If someone has any idea?
Rooted. Thx a lot to @timrashed for your help
OTP seems to be a rabbit hole, which I think is a shame, it was a nice way to get in
Finally rooted the box, thanks @clure for the help.
User is really hard for me. Root requires some enum but it’s easy to exploit.
Check carefully where the 2FA is used.
Great hint! thanks.
Finally got foothold. Annoying 2FA (again).
Thx for the hint, guys!
I’m stuck on the 2FA part. I read in the thread that the 2FA/OTP is a dead end?
Any pointers as to how to proceed? I have the admin creds, but cannot bypass 2FA.
Thanks
Stuck on the 2FA part too, any nudge in the right direction would be appreciated!
You could dm me on discord.
Rooted.